Up-to-date study guide for the CompTIA Security+ certification: SY0-401 preparation products designed to deliver validated SY0-401 questions and help you pass the SY0-401 test on your first attempt. Try the free SY0-401 demo right now.

2021 Dec SY0-401 download

Q381. In order for Sara, a client, to log on to her desktop computer, she must provide her username, password, and a four-digit PIN. Which of the following authentication methods is Sara using? 

A. Three factor 

B. Single factor 

C. Two factor 

D. Four factor 

Answer:

Explanation: 

Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know. 


Q382. Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives? 

A. Virtualization 

B. Remote access 

C. Network access control 

D. Blade servers 

Answer:

Explanation: 

Because Virtualization allows a single set of hardware to host multiple virtual machines, it requires less hardware to maintain the current scenario. 


Q383. Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack? 

A. ARP poisoning 

B. DoS 

C. Replay 

D. Brute force 

Answer:

Explanation: 

A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve. 

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation.

Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.

One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems.

Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check.

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed. 


Q384. On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe? 

A. Tailgating 

B. Shoulder surfing 

C. Interference 

D. Illegal downloading 

Answer:

Explanation: 


Q385. On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. 

Which of the following is the MOST likely cause for this issue? 

A. Too many incorrect authentication attempts have caused users to be temporarily disabled. 

B. The DNS server is overwhelmed with connections and is unable to respond to queries. 

C. The company IDS detected a wireless attack and disabled the wireless network. 

D. The Remote Authentication Dial-In User Service server certificate has expired. 

Answer:

Explanation: 

The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Authentication Dial-In User Service (RADIUS) server. A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years. The question states that no configuration changes have been made, so it’s likely that the certificate has expired. 


Q386. Which of the following is a management control? 

A. Logon banners 

B. Written security policy 

C. SYN attack prevention 

D. Access Control List (ACL) 

Answer:

Explanation: 

Management control types include risk assessment, planning, and systems and services acquisition, as well as certification, accreditation and security assessment; a written security policy falls into this category. 


Q387. A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone’s boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program? 

A. Zero-day 

B. Trojan 

C. Virus 

D. Rootkit 

Answer:

Explanation: 

A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs. 


Q388. Which of the following attacks would cause all mobile devices to lose their association with corporate access points while the attack is underway? 

A. Wireless jamming 

B. Evil twin 

C. Rogue AP 

D. Packet sniffing 

Answer:

Explanation: 

When most people think of frequency jamming, what comes to mind are radio, radar and cell phone jamming. However, any communication that uses radio frequencies can be jammed by a strong radio signal in the same frequency. In this manner, Wi-Fi may be attacked with a network jamming attack, reducing signal quality until it becomes unusable or disconnects occur. With very similar methods, a focused and aimed signal can actually break access point hardware, as with equipment destruction attacks. 


Q389. An IT security manager is asked to provide the total risk to the business. Which of the following calculations would the security manager choose to determine total risk? 

A. (Threats X vulnerability X asset value) x controls gap 

B. (Threats X vulnerability X profit) x asset value 

C. Threats X vulnerability X control gap 

D. Threats X vulnerability X asset value 

Answer:

Explanation: 

Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to calculate a risk. 


Q390. Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal? 

A. A host-based intrusion prevention system 

B. A host-based firewall 

C. Antivirus update system 

D. A network-based intrusion detection system 

Answer:

Explanation: 

A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.